Filter

Physical Protection (PE)

Enforce safeguarding measures for CUI at alternate work sites.


Login

Risk Assessment (RA)

Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI.


Login

Risk Assessment (RA)

Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.


Login

Risk Assessment (RA)

Remediate vulnerabilities in accordance with risk assessments.


Login

Risk Assessment (RA)

Employ threat intelligence, at a minimum from open or commercial sources, and any DoD-provided sources, as part of a risk assessment to guide and inform the development of organizational systems, security architectures, selection of security solutions, monitoring, threat hunting, and response and recovery activities.


Login

Risk Assessment (RA)

Level 3

Conduct cyber threat hunting activities on an on-going aperiodic basis or when indications warrant, to search for indicators of compromise in organizational systems and detect, track, and disrupt threats that evade existing controls.


Login

Risk Assessment (RA)

Employ advanced automation and analytics capabilities in support of analysts to predict and identify risks to organizations, systems, and system components.


Login

Risk Assessment (RA)

Document or reference in the system security plan the security solution selected, the rationale for the security solution, and the risk determination.


Login

Risk Assessment (RA)

Assess the effectiveness of security solutions at least annually or upon receipt of relevant cyber threat information, or in response to a relevant cyber incident, to address anticipated risk to organizational systems and the organization based on current and accumulated threat intelligence.


Login

Risk Assessment (RA)

Assess, respond to, and monitor supply chain risks associated with organizational systems and system components.


Login